
Rootrepeal alternative



#1 masterx81


Posted 20 April 2012 - 03:23 AM

Hi!
I've been using RootRepeal with a lot of satisfaction for all my virus removal procedures. I love it! It's in my 'toolbox', with HijackThis, GMER and ComboFix...
But it has some bugs (crashes on some systems), it does not support 64-bit OSes, and it hasn't had any update for a long time... I've tried the 2.0 beta, but had a lot of problems...
Is there an alternative with similar functions?
Really thanks!


 


#2 quietman7

Global Moderator

Posted 20 April 2012 - 08:21 AM

HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, OTL and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.

Preliminary scans from these tools should be used before ComboFix. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary. If you have not already done so, you should read this topic about ComboFix usage.

Most anti-rootkit scanners (ARKs) do not work on 64-bit systems and conventional Kernel-mode Rootkits are not usually able to infect 64-bit systems so they are less prone to that type of infection. Due to the architecture in 64-bit Windows, drivers need to be digitally signed. Windows 64-bit enforces driver signing and utilizes Kernel Patch Protection (PatchGuard) which does not permit the installation of unsigned kernel level drivers. For more specific information about PatchGuard, please refer to:

Since drivers need to be specific, 32-bit drivers do not run on a 64-bit operating system. As such, tools like GMER and Root Repeal, which need to install kernel level drivers to operate, do not function fully on 64-bit machines and therefore they are not useful tools for such systems. Although GMER can run on a 64-bit version of Windows, only registry, services and files can be scanned...other options are grayed out.

There are many free anti-rootkit tools but some of them require a certain level of expertise and investigative ability to use. These are a few of the easier ARKs for novice users:

Malwarebytes Anti-Malware uses a proprietary low level driver (similar to some ARK detectors) to locate hidden files and special techniques which enable it to detect a wide spectrum of threats including active rootkits. SUPERAntiSpyware Free offers technology to deal with rootkit infections as well.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
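
The driver-signing requirement described in the post above can be observed on a running system. This is an added example, not part of the original thread: it lists the kernel drivers Windows has registered and reports any whose image file does not show a valid Authenticode signature, using only the built-in `Get-CimInstance` and `Get-AuthenticodeSignature` cmdlets (variable names are illustrative).

```powershell
# Added example: report kernel drivers whose image lacks a valid signature.
# Run from an elevated PowerShell prompt so every driver file is readable.
$report = foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $d.PathName) { continue }

    # Normalise NT-style prefixes (\??\ and \SystemRoot\) to a Win32 path.
    $path = $d.PathName.Trim('"')
    $path = $path -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"

    if (-not (Test-Path -LiteralPath $path)) {
        # A registered driver with no file on disk is worth a second look.
        [pscustomobject]@{
            Name = $d.Name; State = $d.State
            Status = 'FileNotFound'; Signer = $null; Path = $path
        }
        continue
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Name   = $d.Name
        State  = $d.State                      # Running / Stopped
        Status = "$($sig.Status)"              # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject
        Path   = $path
    }
}

# Show only the entries that need review.
# Caveat: on older PowerShell versions catalog-signed files can appear as
# NotSigned, so treat hits as leads to verify, not as verdicts.
$report |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Name |
    Format-Table -AutoSize
```
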

#3 masterx81


Posted 20 April 2012 - 09:00 AM

I use HijackThis for simple virus infections (autorun, etc.), and the others for deeper searches (rootkits).
So, for now I can be confident that 64-bit OSes don't get nasty viruses with KPP...
I can continue to use RootRepeal on 32-bit, as it seems that there isn't any better alternative :) It catches things that other tools don't remove (tdss, combofix, etc.)
Thanks!

#4 quietman7


Posted 20 April 2012 - 04:49 PM

PatchGuard does not prevent a 64-bit machine from getting infected with User-mode Rootkits, or MBR Bootkits which overwrite the Master Boot Record. As attackers and malware writers improve technology, they find workarounds and we are seeing more 64-bit systems get infected.